The US Coast Guard issued a safety bulletin informing the maritime industry of recent email phishing and malware intrusion attempts that targeted commercial vessels.
Cyber adversaries are attempting to gain sensitive information, including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority such as: [email protected]
Additionally, the USCG has received reports of malicious software designed to disrupt shipboard computer systems.
Vessel masters have diligently reported suspicious activity to the USCG National Response Center (NRC) in accordance with Title 33 Code of Federal Regulations (CFR) §101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter cyber threats across the global maritime network.
As a reminder, suspicious activity and breaches of security must be reported to the NRC at (800) 424- 8802. For cyber attempts/attacks that do not impact the operating condition of the vessel or result in a pollution incident, owners or operators may alternatively report to the 24/7 National Cyber security and Communications Integration Center (NCCIC) at (888) 282-0870 in accordance with CG-5P Policy Letter 08-16, “Reporting Suspicious Activity and Breaches of Security.”
When reporting to the NCCIC, it is imperative that the reporting party notify the NCCIC that the vessel is a Coast Guard regulated entity in order to satisfy 33 CFR §101.305 reporting requirements, USCG noted.
The NCCIC will in turn forward the report to the NRC that will then notify the cognizant Coast Guard Captain of the Port (COTP).
The Coast Guard urges maritime stakeholders to verify the validity of the email sender prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, vessel representatives should try contacting the PSC authority directly by using verified contact information.
Additionally, vessel owners and operators should continue to evaluate their cyber defense meaures to reduce the effect of a cyber-attack.
While increased automation and artificial intelligence seem to open new routes for shipping, vulnerability of systems is another area of concern shipping has to encounter.
In mid-2017, the industry was shaken by a major cyber-attack against Maersk, the world’s largest container shipping company, which led the sector to adopt a new look at cyber security issues.
The past year validated this trend as cyber incidents continued affecting ships, operators, ports, and shipbuilders.
Find out more herebelow:
